Towards Efficient Verification of Population Protocols
Michael Blondin, Javier Esparza, Philipp J. Meyer, Stefan Jaax
TU München

Population Protocols
Population protocols (Angluin et al., 2004) are a model of distributed computation of anonymous finite-state agents.
Can be used to model networks of passively mobile sensors and chemical reaction networks.

Our Contribution
Correct implementation of population protocols is non-trivial + automatic verification is very hard.
Our contribution: A new fully expressive subclass of population protocols suitable for automatic verification.

Overview
• Computation in a finite population of identical mobile agents.
• Agents are anonymous: they cannot identify each other.
• Number of agents is arbitrary, but fixed.
• Very few resources! Number of states is finite.
• States map to opinions (true/false).

Computations in Population Protocols
Pairwise asynchronous interactions lead to state changes.
Effect of interaction is specified by a transition relation.

Well-Specified Population Protocols
Goal: stabilize to lasting consensus.
Final opinion must be unique for every initial configuration.

Why well-specification matters
Well-specified protocols compute predicates: every initial configuration can be mapped to the value of the unique consensus.

Well-Specification Checking
Well-specification for fixed population size:
• PAT: LTL model checker with fairness (Sun, Liu, Song Dong and Pang, CAV'09)
• bp-ver: graph exploration algorithms + parallelism (Chatzigiannakis, Michail and Spirakis, SSS'10)
• Protocols to counter machines verified with PRISM / Spin (Clément, Delporte-Gallet, Fauconnier and Sighireanu, ICDCS'11)
≤ 9 states, 28 transitions
Possible to verify all sizes?

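The fixed-size check this slide refers to, sketched as an added example (not code from the talk, PAT, bp-ver or Peregrine): it explores the configuration graph for one population size and reports, per initial configuration, the consensus reached in every bottom strongly connected component. The two sample protocols are constructed here (a four-state majority protocol and a three-state approximate-majority protocol), and the output assigned to the blank state "_" is an assumption.

```python
from itertools import combinations, combinations_with_replacement

# Constructed sample protocols (not taken from the slides). Keys of "trans" are
# sorted state pairs; values list the possible resulting pairs.
MAJORITY = {
    "init": ["A", "B"],
    "out": {"A": True, "a": True, "B": False, "b": False},
    "trans": {("A", "B"): [("a", "b")], ("A", "b"): [("A", "a")],
              ("B", "a"): [("B", "b")], ("a", "b"): [("b", "b")]},
}
APPROX_MAJORITY = {
    "init": ["X", "Y"],
    "out": {"X": True, "Y": False, "_": False},  # output of blank "_" is assumed
    "trans": {("X", "Y"): [("X", "_"), ("Y", "_")],
              ("X", "_"): [("X", "X")], ("Y", "_"): [("Y", "Y")]},
}

def successors(cfg, proto):
    """Configurations reachable in one pairwise interaction (cfg is a sorted tuple)."""
    nxt = set()
    for i, j in combinations(range(len(cfg)), 2):
        for post in proto["trans"].get((cfg[i], cfg[j]), []):
            rest = cfg[:i] + cfg[i + 1:j] + cfg[j + 1:]
            nxt.add(tuple(sorted(rest + post)))
    return nxt

def reach(cfg, proto, memo):
    """All configurations reachable from cfg, cached in memo."""
    if cfg not in memo:
        seen, todo = {cfg}, [cfg]
        while todo:
            for n in successors(todo.pop(), proto) - seen:
                seen.add(n)
                todo.append(n)
        memo[cfg] = frozenset(seen)
    return memo[cfg]

def verdicts(proto, size):
    """Map each initial configuration to its unique stable consensus, or None."""
    memo, result = {}, {}
    for init in combinations_with_replacement(sorted(proto["init"]), size):
        stable = set()
        for c in reach(init, proto, memo):
            # Fair executions end in bottom SCCs: c can be reached back from
            # everything it reaches.
            if all(c in reach(d, proto, memo) for d in reach(c, proto, memo)):
                outs = {proto["out"][q] for q in c}
                stable.add(outs.pop() if len(outs) == 1 else None)
        result[init] = stable.pop() if len(stable) == 1 else None
    return result
```

A protocol passes for the given size when no initial configuration maps to None; the result says nothing about other population sizes.
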
Well-Specification Problem
Well-Specification Problem: Given a protocol as input, answer whether it is well-specified.
• The Well-Specification Problem was shown by Esparza et al. in 2015 to be decidable, but EXPSPACE-hard.
• Reachability Problem of Petri nets is polynomially reducible to Well-Specification Problem.
• It is unknown whether the Reachability Problem is primitive recursive!

Our Approach
Find subclass of well-specified protocols that
• Has an automatic membership test of reasonable complexity.
• Captures the entire expressive power of population protocols.

Our class
Our Class = Layered Termination + Strong Consensus
Layered Termination (NP): A terminal configuration is always reachable due to a universal termination strategy (of a certain form).
Strong Consensus (co-NP): Terminal configurations pseudo-reachable from a given initial configuration form a unique consensus.

Peregrine
gitlab.lrz.de/i7/peregrine
• Peregrine: Haskell + SMT solver Z3
• Peregrine reads a protocol and constructs two sets of constraints:
  ◦ The first is satisfiable iff Layered Termination holds.
  ◦ The second is unsatisfiable iff Strong Consensus holds.

Experimental Results
Experiments were performed on a machine equipped with an Intel Core i7-4810MQ CPU and 16 GB of RAM.
• For parameterized families of protocols, we gradually increased the parameter value until we reached a timeout.
• The timeout was set to 1 hour.

Experimental Results

Protocol               Predicate                       |Q|   |T|    Time[s]
Majority [1]           x ≥ y                           4     4      0.1
Approx. Majority [2]   Not well-specified              3     4      0.1
Broadcast [3]          x_1 ∨ ... ∨ x_n                 2     1      0.1
Threshold [4]          Σ_i α_i x_i < c : |α_i| ≤ 9     76    2148   2375.9
Remainder [5]          Σ_i α_i x_i mod 70 = 0          72    2555   3176.5
Flock of birds [6]     x ≥ 50                          51    1275   181.6
Flock of birds [7]     x ≥ 325                         326   649    3470.8
Prime-Flock of birds   x ≥ 10^7                        37    155    18.91
Log-Flock of birds     x ≥ 10^34                       155   2693   1918.67

[1] Draief et al., 2012
[2] Angluin et al., 2007
[3] Clément et al., 2011
[4][5] Angluin et al., 2006
[6] Chatzigiannakis et al., 2010
[7] Clément et al., 2011

Peregrine and Correctness
Check correctness: add an additional constraint in the SMT solver to check whether the consensus always has the right value.
Peregrine successfully verified all protocols in our benchmark!
Verification at least as fast as test for well-specification in most protocols.

Concluding Remarks
• We introduced a class of population protocols with a tractable verification problem.
• No loss in expressive power!
• Our approach is automatic and completely parametric. Other automatic approaches only consider populations up to a fixed size!

Thank you for your attention!
gitlab.lrz.de/i7/peregrine